All you need to know about India’s largest banking security breach

All what happened, who said what - in wake of India’s largest banking security breach that happened recently; here is all you need to know and do

What happened?

A few Indian banks complained that their customers' debit cards (RuPay, Visa and MasterCard) were used fraudulently mainly in China and USA while customers were in India.

A possible compromise at one of the payment switch provider’s system was reported.

A total of 19 banks, 641 customers and INR1.3 crore were affected as reported by various affected banks.

All affected banks have been alerted by all card networks that a total card base of about 3.2 million could have been possibly compromised. Out of this 0.6 million are RuPay cards.

The banks intimated the aforesaid 3.2 million cardholders as a matter of precaution to either change the pin or replace the cards so that they are not misused in the future.

It was suspected that a compromise was at switch level which is PCI-DSS certified.

PCI Council - the international body which sets standards on for PCI–DSS – initiated a forensic audit of the switch of one bank which is likely to be the point of compromise. The forensic study is in progress.

Who said what?
Finance Minister, Arun Jaitely, asked the RBI to provide details about banking sector’s preparedness to deal with cyber crimes. Jaitley added that, “the idea is to contain the damage”

Shaktikanta Das, Secretary, Department of Economic Affairs said, “There is no cause for alarm, the integrity of IT system of banks is robust and whatever action is required, the government will take promptly.”

A. P Hota, MD and CEO, NPCI said, “Necessary corrective actions already have been taken and hence there is no reason for bank customers to panic. Advisory issued by NPCI to banks for re-cardification is more as a preventive exercise.”

A study by ASSOCHAM and Mahindra SSG stated, the frauds as detected by some of the largest banks were “waiting to happen.” India has been on the radar of the global cyber criminal since long, so much that India is the third most attacked country in the world.

It stated that card frauds have been the most reported online frauds and these have increased by six fold in past three years. And despite such alarming figures, such an incident “forcing most of the big banks to recall their swiping cards not only results into huge financial losses but also raises a question over the country’s cyber security” states the study.

Altaf Halde, Managing Director (South Asia) Kaspersky Lab India, in his press statement refused to accept of deny any breach in SBI but indirectly held the outdates communication standards responsible for the breach.

Refering to a months old release by Kaspersky Lab, the statement read, “ATM machines' outdated communication standard leaves them open to attack. ATMs can be easily hacked, malware can be installed & funds could be stolen. Almost any ATM in the world could be illegally accessed and jackpotted with or without the help of malware. The main reason for this is the widespread use of outdated and insecure software, mistakes in network configuration and a lack of physical security for critical parts of the ATM.”

As per Kasperky Lab, many ATMs are still running Windows XP, which is no longer supported by Microsoft.